Founder Signal

Pass

Audited by ClawScan on May 6, 2026.

Overview

Founder Signal appears purpose-aligned: it researches public Reddit/V2EX evidence, saves local review artifacts, and prepares—but does not automatically execute—a public Draft publish handoff.

Before installing, make sure you trust the external draft-cli dependency, keep configs and verified snapshots free of secrets, and review generated daily-review.md content before approving any public Draft publish action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved, the generated review content could become public on Draft.

Why it was flagged

Publishing a public Draft page is a high-impact external action, but the artifact clearly requires explicit user confirmation before invoking the publishing tool.

Skill content

Public Draft publication requires explicit confirmation before the downstream draft-cli skill is invoked.

Recommendation

Review daily-review.md or the shown preview carefully before approving any public Draft publication.

What this means

Installing the skill also installs and runs an external Draft CLI package locally.

Why it was flagged

The skill relies on an external npm-installed CLI for Draft integration. This is disclosed and purpose-aligned, but it introduces dependency provenance and update trust considerations.

Skill content

node | package: @innosage/draft-cli | creates binaries: draft

Recommendation

Install only if you trust the Draft CLI package source and review package provenance or versioning controls if your environment is sensitive.

What this means

Local artifacts may contain product positioning details, source-post text, and research history that future runs may rely on.

Why it was flagged

The skill intentionally stores product profile data, evidence snapshots, run artifacts, and candidate history for reuse and traceability.

Skill content

Every run must persist a run folder... The import step writes an internal runtime profile under `profiles/` plus a normalized canonical copy under `config-imports/`.

Recommendation

Avoid putting secrets or confidential strategy in configs or snapshots, and periodically review or delete old profiles, runs, logs, and history if needed.